Description
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
References (26)
Core 26
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039581
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101274
Various Sources x_refsource_confirm
https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1066697
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2017/dsa-3999
Third Party Advisory x_refsource_confirm
https://access.redhat.com/security/vulnerabilities/kracks
Third Party Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171016-wpa
Third Party Advisory x_refsource_misc
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
Third Party Advisory x_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039571
Various Sources x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-299-02
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2017-11-01
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201711-03
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2907
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039570
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/LEN-17420
Third Party Advisory vendor-advisory
x_refsource_freebsd
https://security.FreeBSD.org/advisories/FreeBSD-SA-17:07.wpa.asc
Technical Description, Third Party Advisory x_refsource_misc
https://www.krackattacks.com/
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039573
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/228519
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-901333.pdf
Exploit, Third Party Advisory x_refsource_misc
https://github.com/vanhoefm/krackattacks-test-ap-ft
Various Sources x_refsource_confirm
https://cert.vde.com/en-us/advisories/vde-2017-005
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-3455-1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
Scores
CVSS v3
8.1
EPSS
0.0159
EPSS Percentile
81.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-323
CWE-330
Status
published
Products (48)
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
canonical/ubuntu_linux
17.04
debian/debian_linux
8.0
debian/debian_linux
9.0
freebsd/freebsd
freebsd/freebsd
10
freebsd/freebsd
10.4
freebsd/freebsd
11
freebsd/freebsd
11.1
... and 38 more
Published
Oct 17, 2017
Tracked Since
Feb 18, 2026